Penetration Tester

Date: 7 Jul 2026

Location: Stellenbosch, ZA

Company: Capitec Bank Ltd

Break in. Get paid. Protect millions.

Most people spend their careers keeping systems secure. You spend yours testing whether they are.We're building one of South Africa's sharpest Cyber Security teams and we're looking for a mid-level Penetration Tester who thinks like an attacker, acts like an engineer and cares about protecting real people's money and data.If you get a quiet thrill from finding the flaw everyone else missed, keep reading.

What you'll do

You'll work as part of our internal penetration testing function, running authorized assessments on applications and infrastructure before products go live or after significant changes. Your job is to find what's broken before someone else does.

  • Run manual and automated penetration tests on web applications and APIs: This is the primary focus of the role.
  • Extend your assessments across internal services, cloud environments and emerging AI/LLM attack surfaces as the team's scope grows.
  • Use tools like Burp Suite Professional, Postman and Kali Linux to conduct end-to-end assessments.
  • Produce clear, detailed risk reports and work with product teams and risk officers to fix what you find.
  • Retest after fixes are applied: You see the work through to sign-off.Apply frameworks like OWASP and NIST to guide your methodology.
  • Carry out proactive due diligence reviews and respond to major infrastructure or software changes.
  • Collaborate with our Blue Team during incidents, helping interpret attack patterns and attacker behavior.
  • Participate in purple team exercises to test and sharpen our detection capabilities.
  • Treat internal and external threats with equal rigour: Both can compromise client data and business credibility.

What you'll bring

You need:

  • 3–5 years of hands-on experience in penetration testing
  • Real proficiency with Burp Suite Professional, Postman and Kali Linux
  • The ability to walk us through your methodology end to end, not just list your tools
  • Working knowledge of OWASP Top 10 for web and API
  • Demonstrated experience testing web applications and APIs as your primary discipline
  • The ability to write scripts in Python, Bash or Powershell to automate tasks, extend tools or support an assessment
  • Strong communication skills: You can translate a technical risk into something a non-technical stakeholder can act on.
  • Grade 12 and a certification in Information Technology (minimum) - no formal degree required; certifications and demonstrated hands-on experience carry more weight than academic credentials in this team

 

 

It's a bonus if you have:

  • Certifications: API Security Certified Professional (ASCP), Web application Penetration Tester (eWPT) or TCM Practical Web Pentest Professional and TCM Practical API Hacking
  • Experience testing mobile applications (Android/iOS)
  • Exposure to cloud environment assessments (AWS, Azure or GCP)
  • Interest in or early exposure to AI/LLM security testing
  • Experience with purple team exercisesKnowledge of the MITRE ATT&CK framework and threat modelling
  • A relevant tertiary qualification in IT or IT Engineering
  • Familiarity with Agile and DevOps environments

Where you will work

These roles are based at our Johannesburg Campus (Gauteng) or our Stellenbosch or Century City Campus (Cape Town).We work on a hybrid model (3 days in office, 2 days remote). You get the focus time you need at home and the collaboration time that keeps a security team sharp in person.

What's in it for you

We make it a priority to ensure that each person feels known, valued and can grow. We invest in your development and encourage continuous learning.Here's what joining our Cyber Security team looks like in practice: 

 

  • Structured onboarding and mentoring: You'll be paired with experienced team members and given the context you need to contribute from day one
  • Growth into senior roles: The team is expanding and we promote from within.
  • Work that matters: You're protecting millions of real clients' money and data, not theoretical systems.
  • A team that takes your craft seriously: You'll work alongside experienced ethical hackers who care about methodology, not just output.
  • Competitive salary based on experience
  • Medical aid contributions
  • Life and disability cover
  • Company pension plan
  • Education, training and certification support: We back your growth with real investment

 

 

Skills

  • Communications Skills
  • Computer Literacy (MS Word, MS Excel, MS Outlook)
  • Attention to Detail
  • Analytical Skills
  • Problem solving skills

Conditions of Employment

  • Clear criminal and credit record